virtualizationservice to use "staged" apexes
Virtualizationservice queries "package_native" service to get staged
apex info and then reads staged apexes to VM.
Bug: 199146189
Test: MicrodroidHostTestCases
Change-Id: Icbfe5b9a05abc08d3e0270d15969f632b3f57c66
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 3b23449..0b02745 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -13,6 +13,8 @@
# Allow calling into the system server so that it can check permissions.
binder_call(virtualizationservice, system_server)
allow virtualizationservice permission_service:service_manager find;
+# Allow virtualizationservice to access "package_native" service for staged apex info.
+allow virtualizationservice package_native_service:service_manager find;
# Let the virtualizationservice domain register the virtualization_service with ServiceManager.
add_service(virtualizationservice, virtualization_service)
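Review bot: The new `package_native_service:service_manager find` rule is coarser than its comment suggests, since `find` hands virtualizationservice a handle to the whole "package_native" interface, not only the staged-APEX query. The comment on the added lines should record that only that query is intended, so a later audit can tell whether other calls from this domain are expected. If the service is hosted in system_server (likely, but not shown here), the transaction itself is permitted by the existing `binder_call(virtualizationservice, system_server)` above, and the comment could say so. Suggested wording: `# Needed only to query staged APEX info; the Binder call itself is covered by binder_call(..., system_server) above.`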
@@ -51,6 +53,7 @@
allow virtualizationservice apex_info_file:file r_file_perms;
allow virtualizationservice apex_data_file:dir search;
allow virtualizationservice staging_data_file:file r_file_perms;
+allow virtualizationservice staging_data_file:dir search;
# Let virtualizationservice to accept vsock connection from the guest VMs
allow virtualizationservice self:vsock_socket { create_socket_perms_no_ioctl listen accept };
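Review bot: The added `allow virtualizationservice staging_data_file:dir search;` has no comment of its own, and the block comment that covers these APEX rules starts outside the hunk. Granting `search` without `read`/`open` on the directory lets the domain traverse to a staged file by path but not enumerate the directory. That is the narrow choice and worth stating, so it is not later widened to `r_dir_perms`. Suggested comment: `# Traverse the staging dir to open staged APEXes by the path reported by package_native; directory listing is intentionally not granted.` Staged APEXes have not been activated yet, and nothing visible in this hunk shows where they are verified before being handed to the VM.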